Super Web Admin

Discussions about Servers
ShaiHulud
Adept
Posts: 427
Joined: Sat Dec 22, 2012 6:37 am

Super Web Admin

Post by ShaiHulud » Tue Mar 18, 2014 5:31 am

I've just been looking at the Console Log for our server, and I noticed that there was a "SWA: Connection from" entry from an IP address that shouldn't be there. Does anyone know whether this means that the person was able to successfully connect to the server including supplying a working password, or just that a TCP connection was established, and that they may have been rejected if the submitted password was incorrect?

It's a worry. For one thing the listen port is completely non-standard. Perhaps this is easy to enumerate with the right tools though.

Thanks in advance.

User avatar
TheDane
Masterful
Posts: 657
Joined: Tue Feb 12, 2008 2:47 pm
Personal rank: Happy fool :-)

Re: Super Web Admin

Post by TheDane » Tue Mar 18, 2014 10:07 am

Try here: http://www.unrealadmin.org/forums/showthread.php?t=8046

Maybe the answer is in the topic somewhere? :noidea

Or you can try to ask the same there?
Retired.

ShaiHulud
Adept
Posts: 427
Joined: Sat Dec 22, 2012 6:37 am

Re: Super Web Admin

Post by ShaiHulud » Tue Mar 18, 2014 6:41 pm

Thanks :) I'll head over and check that thread out. Looking more closely, I see there are now dozens - maybe hundreds of such entries in the past couple of months. Mostly IPs from China and India. I suppose they're probably just scanning for vulnerable web servers, but I'd like to know for sure.

UT99.org

Re: Super Web Admin

Post by UT99.org » Tue Mar 18, 2014 9:38 pm

billybill wrote:I'm not sure this mod was ever secured. It posed some security risks on earlier versions. Maybe I'm wrong but you don't hear much about it... so maybe I'm right

noccer
Adept
Posts: 329
Joined: Sun Aug 01, 2010 12:15 pm
Personal rank: Proud Terrorist

Re: Super Web Admin

Post by noccer » Wed Mar 19, 2014 8:53 am

Those will be most likely background noise. As you said the IPs are from china, i think russia is also well shown.

You can ignore this, but if you got a firewall you can simply setup a rule to ban those countries. I did this some time ago, since that day i had no more spam in my blog etc.. :D
Image

>>You can't steal any ip (v4)adresses, there are exactly 4294967296 of them, and they will still exist when you wrote down all of them, or are stored in a (master)servers database ;)<<

ShaiHulud
Adept
Posts: 427
Joined: Sat Dec 22, 2012 6:37 am

Re: Super Web Admin

Post by ShaiHulud » Wed Mar 19, 2014 8:22 pm

Thanks guys; it's a GameServers box so I don't think I have any say in the firewalling administration. The SWA thread on UnrealAdmin didn't mention the connection messages, but since nothing untoward has happened to the server, I've come to the same conclusion - that these are random scans and not a specific attempt to gain access to the server via SWA.

User avatar
TheDane
Masterful
Posts: 657
Joined: Tue Feb 12, 2008 2:47 pm
Personal rank: Happy fool :-)

Re: Super Web Admin

Post by TheDane » Wed Mar 19, 2014 9:12 pm

Yes, I can confirm on my forums and servers the bots from Russia and Ukraine are very busy right now and have been for almost a month now. They hit many times a day and I also saw a "record" user post somewhere on these forums that 212 users was online at the same time here recently, this can only be bots ... no offence, but not even ut99,org would be able to attract 212 players at one day. So ..... yes, my guess would be that you don't have to fear that what you see is aimed specificly at your gameserver, but it's most like just random bots hitting everything with a pulse.....
Retired.

User avatar
papercoffee
Godlike
Posts: 9935
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Super Web Admin

Post by papercoffee » Wed Mar 19, 2014 11:07 pm

TheDane wrote:no offence, but not even ut99,org would be able to attract 212 players at one day.
This makes sense :loool:
Poor Shade. :mrgreen:

But I noticed recently that our forum is having issues ...some "server not responding" thing.
A 50x error message (don't remeber the last number)

User avatar
UnrealGGecko
Godlike
Posts: 2455
Joined: Wed Feb 01, 2012 11:26 am
Personal rank: GEx the Gecko
Location: Kaunas, Lithuania

Re: Super Web Admin

Post by UnrealGGecko » Thu Mar 20, 2014 12:23 pm

papercoffee wrote:A 50x error message (don't remeber the last number)
Got it too... Error #500 I believe :|

User avatar
Hook
Inhuman
Posts: 752
Joined: Tue Apr 22, 2008 11:21 pm
Personal rank: UT99 Promoter/Admin
Location: Minnesota USA

Re: Super Web Admin

Post by Hook » Thu Mar 20, 2014 5:34 pm

I've noticed a slow down also on my sites - and here also a bit - hmmmm :?
=Hook=(Member# 626)
Active Forums: http://hooksutplace.freeforums.net
UT99 Server -> CROSSBONES Missile Madness {CMM}

* Newest Versions of: PRO-Redeemers | PRO-SNIPER-Redeemers | PRO-SEEKER-Redeemers <-(the Original)
and Now with FOOD FIGHT and Frying Pan arena !!!
IP: 68.232.181.236:7777
{CMH} CROSSBONES Monster Hunt (MH) by Mars007 (The Original) - IP: 108.61.238.93:7777

User avatar
papercoffee
Godlike
Posts: 9935
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Super Web Admin

Post by papercoffee » Thu Mar 20, 2014 7:22 pm

UnrealGecko wrote:
papercoffee wrote:A 50x error message (don't remeber the last number)
Got it too... Error #500 I believe :|
Hook wrote:I've noticed a slow down also on my sites - and here also a bit - hmmmm :?
Those damn hacker apes ...A server admin told me once he set up a honeypot for hackers. it was a low secured part of the server filled with corrupted files and malware labeled as important stuff, only accessible from outside when you hack the server.
The hacking attempts decreased sharply afterwards.

User avatar
TheDane
Masterful
Posts: 657
Joined: Tue Feb 12, 2008 2:47 pm
Personal rank: Happy fool :-)

Re: Super Web Admin

Post by TheDane » Thu Mar 20, 2014 9:47 pm

There is a great difference between hacking and these spambots?!?!?!
Retired.

User avatar
papercoffee
Godlike
Posts: 9935
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Super Web Admin

Post by papercoffee » Thu Mar 20, 2014 10:38 pm

TheDane wrote:There is a great difference between hacking and these spambots?!?!?!
You can also use them for a DDos attack ...but I mean bots not explicit spambots.